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AMENDMENTS TO THE CLAIMS 

Please amend claims 1-3, 5, 9, 14-16, and 18 as set forth below. Please cancel claims 7, 13, 
20, and 22-25 without prejudice to the subject matters thereof. Please add claims 26-32 as set forth 
below. Claims 4, 6, 8, 10-12, 17, 19, and 21 remain unchanged. 

1 . (currently amended) A method for enabling privileges comprising: 
establishing a session on behalf of a user; 

receiving a request to enable database privileges for the user; 

verifying trusted security logic has been executed prior to receiving the request to enable 
database privileges , wherein the act of verifying the trusted security logic comprises verifying a 
proxy user ; and 

enabling database privileges for the user if the trusted security logic has been executed prior 
to receiving the request to enable the database privileges. 

2. (currently amended) The method of claim 1, further comprising: 
storing call information in one or more frames of a call stack; and wherein 

the act of verifying further comprises determining whether the one or more frames of the call 
stack corresponds to the trusted security logic. 

3. (currently amended) The method of claim 1, wherein the act of verifying the trusted security 
logic further comprises verifying an application name. 

4. (original) The method of claim 3, wherein the act of verifying the trusted security logic 
further includes verifying a security function name. 

5. (currently amended) The method of claim 1, wherein the act of verifying trusted security 
logic further comprises verifying a module name. 

6. (original) The method of claim 1, further comprising: 
collecting one or more session parameters; 

comparing the one or more session parameters against a set of trusted security parameters 
defined in a security function; and 
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returning a result indicating whether the one or more session parameters matches the set of 
trusted security parameters. 

Claim 7 (cancelled) 

8. (original) The method of claim 1, further comprising: 
receiving information identifying the user; 
prompting the user for a password; 

authenticating the user based on information stored in an application program; and 
associating the user with a role. 

9. (currently amended) A client-server computer system comprising: 
a computer including: 

a processor, 

a main memory communicatively coupled to the processor; and 

a disk storage communicatively coupled to the processor; 
a database running on the computer from the main memory, the database further comprising: 

one or more data structures stored in the disk storage, and 

a call stack stored in the main memory; 
an application program coupled to the database and configured to support a user; and 
a metadata repository embodied in the one or more data structures stored in the disk storage, 
the metadata repository comprising trusted security logic; wherein 

the application program is configured to initiate a call to enable database privileges, the call 
causing information to be stored in one or more frames of the call stack and one or more security 
functions to be executed; and wherein 
the database is configured to: 

verify the call stack comprises one or more frames corresponding to the trusted 
security logic; a»d 

test a proxy user; and 

enable database privileges for the user if the trusted security logic is contained in the 
one or more frames of the call stack. 
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10. (original) The client-server computer system of claim 9, wherein the application program 
resides with the database in the computer. 

1 1 . (original) The client-server computer system of claim 9, wherein the application program 
resides on a separate computer communicatively coupled to the database. 

12. (original) The client-server computer system of claim 9, wherein the trusted security logic 
includes a schema name and a security package name. 

Claim 13 (cancelled) 

14. (currently amended) A computer-readable medium have having stored therein one or more 
sequences of instruction for enabling privileges, the one or more sequences of instructions causing 
one or more processors to perform a number of acts, said acts comprising: 

establishing a session on behalf of a user; 

receiving a request to enable database privileges for the user; 

verifying trusted security logic has been executed prior to receiving the request to enable 
database privileges , wherein the act of verifying the trusted security logic comprises verifying a 
proxy user ; and 

enabling database privileges for the user if the trusted security logic has been executed prior 
to receiving the request to enable the database privileges. 

15. (currently amended) The computer-readable medium of claim 14, further comprising: 
storing call information in one or more frames of a call stack; and wherein 

the act of verifying further comprises determining whether the one or more frames of the call 
stack corresponds to the trusted security logic. 

16. (currently amended) The computer-readable medium of claim 14, wherein the act of 
verifying the trusted security logic further comprises verifying an application name. 

17. (original) The computer-readable medium of claim 16, wherein the act of verifying the 
trusted security logic further includes verifying a security function name. 
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18. (currently amended) The computer-readable medium of claim 14, wherein the act of 
verifying trusted security logic further comprises verifying a module name. 

19. (original) The computer-readable medium of claim 14, further comprising: 
collecting one or more session parameters; 

comparing the one or more session parameters against a set of trusted security parameters 
defined in a security function; and 

returning a result indicating whether the one or more session parameters matches the set of 
trusted security parameters. 

Claim 20 (cancelled) 

21. (original) The computer-readable medium of claim 14, further comprising: 
receiving information identifying the user; 
prompting the user for a password; 

authenticating the user based on information stored in an application program; and 
associating the user with a role. 

Claims 22-25 (cancelled) 

26. (new) A system for enabling privileges comprising: 
means for establishing a session on behalf of a user; 

means for receiving a request to enable database privileges for the user; 

means for verifying trusted security logic has been executed prior to receiving the request to 
enable database privileges, wherein means for verifying the trusted security logic comprises means 
for verifying a proxy user; and 

means for enabling database privileges for the user if the trusted security logic has been 
executed prior to receiving the request to enable the database privileges. 

27. (new) The system of claim 26, further comprising: 

means for storing call information in one or more frames of a call stack; and wherein 
means for verifying further comprises means for determining whether the one or more frames 
of the call stack corresponds to the trusted security logic. 
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28. (new) The system of claim 26, wherein means for verifying the trusted security logic further 
comprises means for verifying an application name. 

29. (new) The system of claim 28, wherein means for verifying the trusted security logic further 
comprises means for verifying a security function name. 

30. (new) The system of claim 22, wherein means for verifying trusted security logic further 
comprises means for verifying a module name. 

3 1 . (new) The system of claim 22, further comprising: 
means for collecting one or more session parameters; 

means for comparing the one or more session parameters against a set of trusted security 
parameters defined in a security function; and 

means for returning a result indicating whether the one or more session parameters matches 
the set of trusted security parameters. 

32. (new) The system of claim 22, further comprising: 
means for receiving information identifying the user; 
means for prompting the user for a password; 

means for authenticating the user based on information stored in an application program; and 
means for associating the user with a role. 
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